Reflection Cryptanalysis of Some Ciphers

In this paper, we provide a theoretical infrastructure of the reflection attack. In addition, we mount the reflection attack on some ciphers such as GOST, DEAL and a variant of DES. The attack method exploits certain similarities among round functions which have not been utilized in the previous self-similarity attacks. As an illustration, we introduce a chosen plaintext attack on full-round GOST under the assumption that its S-boxes are bijective. The attack works on approximately 2224 keys and its complexity is 2192 steps with 232 chosen plaintexts. Also, we introduce a known plaintext attack on 30-round GOST, which works for any key. The key is recovered with 2224 steps by using only 232 known plaintexts. As another example, we deduce that the reflection attack works on DEAL for certain keys. For instance, a 192-bit DEAL-key can be identified as a weak key by using approximately 266 known plaintexts. Then, the key can be recovered with 2136 steps. The number of weak keys of 192-bit DEAL is roughly 280.

[1]  Alex Biryukov,et al.  Advanced Slide Attacks , 2000, EUROCRYPT.

[2]  Don Coppersmith,et al.  The Real Reason for Rivest's Phenomenon , 1985, CRYPTO.

[3]  Ronald L. Rivest,et al.  Is DES a Pure Cipher? (Results of More Cycling Experiments on DES) , 1985, CRYPTO.

[4]  Jongsung Kim,et al.  Related-Key Rectangle Attack on the Full SHACAL-1 , 2006, Selected Areas in Cryptography.

[5]  Stefan Lucks On Security of the 128-Bit Block Cipher DEAL , 1999, FSE.

[6]  Kwangjo Kim,et al.  Information Security and Cryptology — ICISC 2001 , 2002, Lecture Notes in Computer Science.

[7]  Serge Vaudenay,et al.  Decorrelation: A Theory for Block Cipher Security , 2003, Journal of Cryptology.

[8]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[9]  Bruce Schneier,et al.  Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES , 1996, CRYPTO.

[10]  Eli Biham,et al.  A Simple Related-Key Attack on the Full SHACAL-1 , 2007, CT-RSA.

[11]  Gustavus J. Simmons,et al.  Cycle Structures of the DES with Weak and Semi-Weak Keys , 1986, CRYPTO.

[12]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[13]  Eli Biham,et al.  A Unified Approach to Related-Key Attacks , 2008, FSE.

[14]  Gustavus J. Simmons,et al.  Cycle Structure of the DES for Keys Having Palindromic (or Antipalindromic) Sequences of Round Keys , 1987, IEEE Transactions on Software Engineering.

[15]  Mihir Bellare,et al.  The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[16]  Gregory V. Bard,et al.  Algebraic and Slide Attacks on KeeLoq , 2008, FSE.

[17]  Eli Biham,et al.  Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[18]  Eli Biham,et al.  Improved Slide Attacks , 2007, FSE.

[19]  Lars R. Knudsen,et al.  Cryptanalysis of LOKI91 , 1992, AUSCRYPT.

[20]  Jongsung Kim,et al.  Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192 , 2005, FSE.

[21]  Matt Henricksen,et al.  Design, Implementation and Cryptanalysis of Modern Symmetric Ciphers , 2005 .

[22]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[23]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[24]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[25]  Toshinobu Kaneko,et al.  Differential Cryptanalysis of Reduced Rounds of GOST , 2000, Selected Areas in Cryptography.

[26]  S. Babbage Improved “exhaustive search” attacks on stream ciphers , 1995 .

[27]  Alex Biryukov,et al.  Slide Attacks , 1999, FSE.

[28]  Orhun Kara,et al.  A New Class of Weak Keys for Blowfish , 2007, FSE.

[29]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[30]  Bruce Schneier,et al.  Key-Schedule Cryptanalysis of DEAL , 1999, Selected Areas in Cryptography.

[31]  Jovan Dj. Golic,et al.  Cryptanalysis of Alleged A5 Stream Cipher , 1997, EUROCRYPT.

[32]  Walter Fumy,et al.  Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[33]  Eli Biham,et al.  Related-Key Boomerang and Rectangle Attacks , 2005, EUROCRYPT.

[34]  Eli Biham,et al.  New types of cryptanalytic attacks using related keys , 1994, Journal of Cryptology.

[35]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[36]  Jennifer Seberry,et al.  Advances in Cryptology — AUSCRYPT '92 , 1992, Lecture Notes in Computer Science.

[37]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[38]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[39]  Seokhie Hong,et al.  Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST , 2004, FSE.

[40]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[41]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[42]  Jongsung Kim,et al.  Related-Key Rectangle Attacks on Reduced AES-192 and AES-256 , 2007, FSE.

[43]  Ed Dawson,et al.  Key Schedules of Iterative Block Ciphers , 1998, ACISP.

[44]  Soichi Furuya,et al.  Slide Attacks with a Known-Plaintext Cryptanalysis , 2001, ICISC.

[45]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[46]  Masayuki Abe,et al.  Topics in Cryptology CT-RSA 2007 , 2007 .